Lucene search

K
nessusTenable9213.PRM
HistoryApr 08, 2016 - 12:00 a.m.

Drupal 6.x < 6.35 / 7.x < 7.35 Multiple Vulnerabilities

2016-04-0800:00:00
Tenable
www.tenable.com
15

The remote web server is hosting an outdated version of Drupal, a PHP-based open-source content management system. The version of Drupal installed on the remote server is 6.x prior to 6.35 or 7.x prior to 7.35, and is affected by the following vulnerabilities :

  • An access bypass vulnerability exists in which password reset URLs can be forged. This allows a remote attacker to gain access to another user’s account. (CVE-2015-2559)
  • An open redirect vulnerability exists which allows a remote attacker to craft a URL using the ‘destination’ parameter in order to trick users into being redirected to third-party sites. Additionally, several URL related API functions can be tricked into passing external URLs. (CVE-2015-2749, CVE-2015-2750)
Binary data 9213.prm
VendorProductVersion
drupaldrupal